Refs #3461 -- parse SCTs from x.509 extension (#3480)

* Stub API for SCTs, feedback wanted * grr, flake8 * finish up the __init__ * Initial implementation and tests * write a test. it fails because computer * get the tests passing and fix some TODOs * changelog entry * This can go now * Put a skip in this test * grump * Removed unreachable code * moved changelog to the correct section * Use the deocrator for expressing requirements * This needs f for the right entry_type * coverage * syntax error * tests for coverage * better sct eq tests * docs * technically correct, the most useless kind of correct * typo and more details * bug * drop __eq__
author: Alex Gaynor <alex.gaynor@gmail.com> 2017-06-04 13:36:58 -0400
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-06-04 07:36:58 -1000
commit: 6a0718faddbc7b6b57f86417f6daa468c18ea248 (patch)
tree: 624fe16cf368a13cbbd7370b2a4780fa5da76c91 /src/cryptography/hazmat/backends/openssl/decode_asn1.py
parent: 140ec5d6e2167692ba5619b368f44a1b07f96a4a (diff)
download: cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.gz
cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.bz2
cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 282e30f0..ab97dc19 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -597,6 +597,21 @@ def _decode_inhibit_any_policy(backend, asn1_int):
     return x509.InhibitAnyPolicy(skip_certs)
 
 
+def _decode_precert_signed_certificate_timestamps(backend, asn1_scts):
+    from cryptography.hazmat.backends.openssl.x509 import (
+        _SignedCertificateTimestamp
+    )
+    asn1_scts = backend._ffi.cast("Cryptography_STACK_OF_SCT *", asn1_scts)
+    asn1_scts = backend._ffi.gc(asn1_scts, backend._lib.SCT_LIST_free)
+
+    scts = []
+    for i in range(backend._lib.sk_SCT_num(asn1_scts)):
+        sct = backend._lib.sk_SCT_value(asn1_scts, i)
+
+        scts.append(_SignedCertificateTimestamp(backend, asn1_scts, sct))
+    return x509.PrecertificateSignedCertificateTimestamps(scts)
+
+
 #    CRLReason ::= ENUMERATED {
 #        unspecified             (0),
 #        keyCompromise           (1),
@@ -751,6 +766,9 @@ _EXTENSION_HANDLERS = {
     ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
     ExtensionOID.NAME_CONSTRAINTS: _decode_name_constraints,
     ExtensionOID.POLICY_CONSTRAINTS: _decode_policy_constraints,
+    ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: (
+        _decode_precert_signed_certificate_timestamps
+    ),
 }
 
 _REVOKED_EXTENSION_HANDLERS = {
author	Alex Gaynor <alex.gaynor@gmail.com>	2017-06-04 13:36:58 -0400
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-06-04 07:36:58 -1000
commit	6a0718faddbc7b6b57f86417f6daa468c18ea248 (patch)
tree	624fe16cf368a13cbbd7370b2a4780fa5da76c91 /src/cryptography/hazmat/backends/openssl/decode_asn1.py
parent	140ec5d6e2167692ba5619b368f44a1b07f96a4a (diff)
download	cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.gz cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.tar.bz2 cryptography-6a0718faddbc7b6b57f86417f6daa468c18ea248.zip